190 matches found
CVE-2025-10629 D-Link DIR-852 Simple Service Discovery Protocol Service cgibin ssdpcgi_main command injection
A vulnerability was determined in D-Link DIR-852 1.00CN B09. This issue affects the function ssdpcgimain of the file htodcs/cgibin of the component Simple Service Discovery Protocol Service. Executing manipulation of the argument ST can lead to command injection. The attack may be performed from...
CVE-2025-10369
A vulnerability was determined in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This affects an unknown part of the file /htdocs/cardRegisterNew.php. Executing manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized...
CVE-2025-10118
A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. The affected element is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...
PT-2025-36455
Name of the Vulnerable Software and Affected Versions: Jinher OA versions up to 1.2 Description: A vulnerability exists in Jinher OA that allows for xml external entity reference. The issue affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add...
CVE-2025-10033
A vulnerability has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...
CVE-2025-9783
A vulnerability was determined in TOTOLINK A702R 4.0.0-B20211108.1423. This issue affects the function sub418030 of the file /boafrm/formParentControl. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly...
CVE-2025-9669
A vulnerability has been found in Jinher OA 1.0. This issue affects some unknown processing of the file GetTreeDate.aspx. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used...
CVE-2025-9528
CVE-2025-9528 affects Linksys E1700 router (version 1.0.0.4.003). The vulnerability targets the function systemCommand in /goform/systemCommand; manipulating the command argument can cause an OS command injection. The attack can be launched remotely, and exploitation has been publicly disclosed. ...
PT-2025-34834
Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A security issue has been identified in itsourcecode Apartment Management System version 1.0. The vulnerability is due to SQL injection in the /branch/addbranch.php file...
PT-2025-34829
Name of the Vulnerable Software and Affected Versions: Campcodes Online Loan Management System version 1.0 Description: A vulnerability exists in Campcodes Online Loan Management System that allows for SQL injection. The issue affects an unknown part of the /ajax.php?action=delete plan file...
CVE-2025-9473
SourceCodester Online Bank Management System 1.0 has a SQL injection in /feedback.php triggered by manipulating the msg parameter. The vulnerability is remote and has public exploit discussion. Multiple sources describe the issue and its impact on confidentiality, integrity, and availability as h...
CVE-2025-9440
CVE-2025-9440 affects 1000projects Online Project Report Submission and Evaluation System 1.0. A vulnerable function is in /admin/add_title.php, where manipulating the Title argument permits cross-site scripting. The issue is exploitable remotely and publicly disclosed. Multiple connected sources...
CVE-2025-9429 mtons mblog Post submit cross site scripting
A security vulnerability has been detected in mtons mblog up to 3.5.0. This vulnerability affects unknown code of the file /post/submit of the component Post Handler. The manipulation of the argument content/title/ leads to cross site scripting. It is possible to initiate the attack remotely. The...
CVE-2025-9423
A vulnerability was determined in Campcodes Online Water Billing System 1.0. Affected is an unknown function of the file /editecex.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be...
CVE-2025-9411
CVE-2025-9411 affects lostvip-com ruoyi-go up to version 2.1. The vulnerability is in the SelectPageList function of modules/system/service/LoginInforService.go, where manipulation of the isAsc argument enables SQL injection. Exploitation is remote and has been publicly disclosed; multiple source...
CVE-2025-9403
A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function runjqtests of the file jqtest.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Othe...
CVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertion
A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function runjqtests of the file jqtest.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Othe...
CVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertion
A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function runjqtests of the file jqtest.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Othe...
CVE-2025-9392 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 qosClassifier stack-based overflow
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function qosClassifier of the file /goform/qosClassifier. Such manipulation of the argument...
CVE-2025-9310
A vulnerability was determined in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. Affected by this vulnerability is an unknown functionality of the file /carRentalwar/druid/login.html of the component Druid. Executing manipulation can lead to hard-coded credentials. The attack ma...